07-29-2016 11:27 AM - edited 03-07-2019 12:18 AM
I have just changed from a Netgear FVS336 to a Cisco RVS 325 and have one last item I cannot get set up.
We use a number of HTTP services behind the router and access them using a port for each server, so port 8123 gets forwarded to port 80 on server IP x.x.x.123.
I have set up port 8123 in the Port Address Translation Table to get sent to x.x.x.123 port 80, and this works OK from outside the office using the DNS entry for the router's public IP.
However, when accessing this from inside the office this does not work. Our previous Netgear router worked OK.
From some investigation today this sounds like it's a NAT loopback/hairpin issue, if I understand the problem correctly.
How do I get this to work on the RVS325?
Thanks
08-10-2016 02:32 AM
Hi Ian,
Yes this is a hairpinning issue. This is actually one of the most popular discussions.
But anyway, you can try the below config:
int Fa0/0
 ip add 10.10.10.1 255.255.255.0
 desc LAN
 ip nat inside
int Fa0/1
 ip add 1.1.1.1 255.255.255.0
 desc WAN
 ip nat outside
int lo0
 ip add 10.11.11.1 255.255.255.255
 ip nat inside
 ip virtual-reassembly in
ip access-list extended LAN_HAIRPIN
 permit ip 10.10.10.0 0.0.0.255
route-map LAN_HAIRPIN permit 10
 match address LAN_HAIRPIN
 set ip next-hop 10.11.11.2
int Fa0/1
 ip policy route-map LAN_HAIRPIN
You could have tried using NVI, which is much simpler, but I don't think the RVS series supports that. But I might be wrong.
Hope this helps.
Regards,
Terence
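Added example, not part of the original thread or any poster's configuration: a small Python model of the general hairpin problem, showing why the port forward works from outside while an inside client's connection to the public address fails unless the router also rewrites the source. All addresses are constructed, and the model assumes a router that applies the port forward to LAN-originated traffic and a server on the same subnet as the client.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# All addresses are constructed for illustration (assumptions, not from the thread).
LAN = ip_network("192.168.1.0/24")
ROUTER_LAN = "192.168.1.1"    # router's LAN-side address
PUBLIC_IP = "203.0.113.10"    # router's WAN address
SERVER = "192.168.1.123"      # stand-in for the thread's x.x.x.123

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def on_lan(ip):
    return ip_address(ip) in LAN

def forward(pkt, hairpin):
    """Router's handling of a request to PUBLIC_IP:8123 (forwarded to SERVER:80)."""
    out = replace(pkt, dst=SERVER, dport=80)      # destination NAT: the port forward
    if hairpin and on_lan(pkt.src):
        out = replace(out, src=ROUTER_LAN)        # hairpin: rewrite the source too
    return out

def reply_at_client(request, at_server):
    """Return the server's reply as the original client receives it."""
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply.dst == ROUTER_LAN or not on_lan(reply.dst):
        # Reply goes back through the router, which reverses its translations.
        return Packet(request.dst, request.dport, request.src, request.sport)
    # Same subnet: the server answers the client directly, untranslated.
    return reply

def access_works(client_ip, hairpin):
    """True if the client sees a reply from the address and port it contacted."""
    req = Packet(client_ip, 40000, PUBLIC_IP, 8123)
    reply = reply_at_client(req, forward(req, hairpin))
    return (reply.src, reply.sport) == (req.dst, req.dport)

if __name__ == "__main__":
    for who, ip in (("outside", "198.51.100.7"), ("inside", "192.168.1.50")):
        for hairpin in (False, True):
            print(who, "hairpin" if hairpin else "no hairpin", access_works(ip, hairpin))
```

With the hairpin source rewrite in place, the server's access log records the router's LAN address for inside clients rather than each client's own address, which matters if those logs are used for auditing.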
08-10-2016 09:19 AM
Can you please explain this configuration:
set ip next-hop 10.11.11.2
?
08-10-2016 11:50 PM
Hi Tonymctony,
Route map states that any packets that match access-list LAN_HAIRPIN will have the next hop set to 10.11.11.2 and be routed "out" the loopback interface. All other packets will be routed normally. We use 10.11.11.2 because this next-hop is seen as located on the loopback interface which would result in policy routing to loopback0. Alternatively, we could have used "set interface loopback0" which would have done the same thing.
HTH
Regards,
Terence
08-11-2016 02:23 AM
Thank you for the explanation. However, I am confused by this then:
int lo0
ip add 10.11.11.1 255.255.255.255 - doesn't this mean that there is only one address in the loopback interface network segment? Therefore, the next hop address 10.11.11.2 is meaningless.
08-11-2016 04:10 AM
Hi,
The 10.11.11.2 is just an arbitrary value, as you cannot have a next-hop pointing to the router itself.
Like I said previously, you could have used the set interface loopback0. Basically what will happen is that loopback0 will do a 'recursive lookup'.
Regards,
Terence
08-10-2016 01:59 PM
Oddly, we are now sometimes seeing the URLs resolve, and I am not sure what/if we have made any other changes.